Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OQuXd7UdaOA-GbEo1GMR3iugsbg.roa
File: OQuXd7UdaOA-GbEo1GMR3iugsbg.roa (raw, json)
Hash identifier: kb5r3TGdsCm1I6bfZvHEpmga0q4azbQG51OGa2P4UsY=
Subject key identifier: 39:0B:97:77:B5:1D:68:E0:3E:19:B1:28:D4:63:11:DE:2B:A0:B1:B8
Certificate issuer: /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial: 019CDC249A125653C1E9B72DC7F61A5FDDA2
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OQuXd7UdaOA-GbEo1GMR3iugsbg.roa
Signing time: Wed 11 Mar 2026 09:05:11 +0000
ROA not before: Wed 11 Mar 2026 09:05:11 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 174
IP address blocks: 104.238.31.0/24 maxlen: 24
104.243.192.0/24 maxlen: 24
204.52.104.0/24 maxlen: 24
216.173.88.0/23 maxlen: 23
216.173.92.0/24 maxlen: 24
216.173.93.0/24 maxlen: 24
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 16 Mar 2026 15:00:29 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:dc:24:9a:12:56:53:c1:e9:b7:2d:c7:f6:1a:5f:dd:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
Validity
Not Before: Mar 11 09:05:11 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=390b9777b51d68e03e19b128d46311de2ba0b1b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:6d:66:c3:ef:bd:f2:37:22:70:6d:fa:09:2d:
80:55:ab:07:73:11:a1:7b:6b:af:2a:2b:b7:d0:1f:
d6:e6:c3:a4:98:48:ae:e6:93:60:c1:ca:53:23:94:
9d:cf:64:d3:5c:a8:5e:88:fb:c7:ba:7a:85:83:cb:
8b:93:c1:ae:36:97:98:1f:24:5a:4f:4d:c8:a9:c3:
00:98:48:b1:e6:60:97:e5:26:5a:05:89:7e:19:97:
fe:a6:8c:0f:a3:92:5e:5d:11:60:59:9b:a0:fc:69:
ea:04:ee:27:50:e6:20:a9:80:ed:d1:56:8b:80:22:
aa:ba:f3:86:c9:72:35:75:fa:94:2e:e2:5a:26:82:
30:73:28:23:65:74:0e:41:bf:7f:86:b0:17:7d:6e:
2e:b6:e3:3f:b2:ec:1a:1c:f9:98:bc:b5:b4:36:1c:
ca:bf:9a:9a:d3:4f:3e:ba:58:fb:8b:e0:9f:e1:6a:
a6:5f:92:85:5e:66:ca:a4:b3:44:7e:7b:c3:a3:96:
42:65:bb:99:86:42:2c:41:d3:bf:47:7f:31:84:e6:
be:2d:d5:d3:c9:4f:21:b4:91:16:c6:05:04:db:59:
03:6e:a4:63:cc:9c:d2:df:bb:13:39:3a:bb:c1:8b:
57:77:2e:81:d9:72:76:e0:f8:18:eb:f8:0a:4b:a1:
1a:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:0B:97:77:B5:1D:68:E0:3E:19:B1:28:D4:63:11:DE:2B:A0:B1:B8
X509v3 Authority Key Identifier:
keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/OQuXd7UdaOA-GbEo1GMR3iugsbg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
104.238.31.0/24
104.243.192.0/24
204.52.104.0/24
216.173.88.0/23
216.173.92.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:4a:81:9f:a5:12:71:f8:db:ef:77:a5:a8:5e:3a:8c:af:20:
67:d1:15:f1:78:79:95:c5:d6:04:75:98:04:8a:05:df:43:6b:
91:d8:4f:b8:40:ce:74:f1:b3:64:45:b6:36:05:f2:ad:38:ab:
13:41:a9:79:21:2a:63:0d:c5:fe:7e:ea:50:06:92:61:1f:34:
db:71:86:18:19:a2:a8:1e:ad:62:cf:80:3c:77:bb:f6:c8:32:
d9:c3:a9:66:0a:48:c5:76:6a:4f:25:ab:bf:c1:4f:76:7f:c2:
9c:39:02:3c:0e:81:bf:a4:88:83:91:6f:90:0d:25:0d:a8:97:
87:50:1c:d4:fd:e9:1c:7d:a5:e0:06:ec:bf:ff:6c:60:66:f7:
46:b3:f5:8e:46:6a:46:a9:a4:31:2f:70:b3:49:b4:25:bf:a8:
ba:1b:39:e3:38:a1:26:d3:00:1c:93:23:85:26:35:1f:8b:07:
9b:2b:36:c5:67:ae:0f:c3:53:56:00:5b:0d:e5:a8:68:f9:5c:
73:a6:44:ad:19:54:e8:34:66:dd:d3:32:96:c0:dc:f2:d5:f3:
15:57:5e:b4:b7:d9:86:b3:96:bc:c2:dc:7c:18:b3:8f:66:c4:
25:4d:ca:59:f6:95:8b:1c:33:95:d1:ec:a4:41:2c:80:05:3c:
e6:77:86:db
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZzcJJoSVlPB6bctx/YaX92iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMzExMDkwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTBiOTc3N2I1MWQ2OGUwM2UxOWIxMjhkNDYzMTFkZTJiYTBiMWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5W1mw++98jcicG36CS2AVasHcxGh
e2uvKiu30B/W5sOkmEiu5pNgwcpTI5Sdz2TTXKheiPvHunqFg8uLk8GuNpeYHyRa
T03IqcMAmEix5mCX5SZaBYl+GZf+powPo5JeXRFgWZug/GnqBO4nUOYgqYDt0VaL
gCKquvOGyXI1dfqULuJaJoIwcygjZXQOQb9/hrAXfW4utuM/suwaHPmYvLW0NhzK
v5qa008+ulj7i+Cf4WqmX5KFXmbKpLNEfnvDo5ZCZbuZhkIsQdO/R38xhOa+LdXT
yU8htJEWxgUE21kDbqRjzJzS37sTOTq7wYtXdy6B2XJ24PgY6/gKS6EazwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDkLl3e1HWjgPhmxKNRjEd4roLG4MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvT1F1WGQ3VWRhT0EtR2JFbzFHTVIzaXVnc2JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAaO4fAwQA
aPPAAwQAzDRoAwQB2K1YAwQB2K1cMA0GCSqGSIb3DQEBCwUAA4IBAQBOSoGfpRJx
+Nvvd6WoXjqMryBn0RXxeHmVxdYEdZgEigXfQ2uR2E+4QM508bNkRbY2BfKtOKsT
Qal5ISpjDcX+fupQBpJhHzTbcYYYGaKoHq1iz4A8d7v2yDLZw6lmCkjFdmpPJau/
wU92f8KcOQI8DoG/pIiDkW+QDSUNqJeHUBzU/ekcfaXgBuy//2xgZvdGs/WORmpG
qaQxL3CzSbQlv6i6GznjOKEm0wAckyOFJjUfiwebKzbFZ64Pw1NWAFsN5aho+Vxz
pkStGVToNGbd0zKWwNzy1fMVV160t9mGs5a8wtx8GLOPZsQlTcpZ9pWLHDOV0eyk
QSyABTzmd4bb
-----END CERTIFICATE-----
Generated at Mon Mar 16 01:10:32 2026 by rpki-client